Splunk Enterprise

Splunk Cloud or Splunk Enterprise: which one should I use?

himanish2008
Explorer

I am using a trial version on my laptop for connecting to Apigee, a cloud-based API management platform. Apigee is a Google product.
Which one should I use, Splunk Enterprise or Splunk Cloud?
Please suggest....

Data will come in by the TCP connection...

0 Karma
1 Solution

gcusello
SplunkTrust

Hi himanish2008,
you should choose the best solution following your digital strategy:

  • if you're applying a digital transformation to cloud, use Splunk Cloud,
  • if your policies want to maintain data in your own infrastructure (usually banks do this), use Splunk Enterprise on-premise.

In addition, you should define your infrastructure requirements:

  • do you want High Availability?
  • what's your infrastructure availability (servers, management, resources, skilled people, etc...)?
  • do you have a large infrastructure to monitor?

I can report my experience:

  • if you're starting with Splunk, it's easier to have an on-premise installation so that you can continuously access the servers, whereas on Cloud you have to ask Splunk to do some jobs, and Splunk has its own Service Level Agreement,
  • if you haven't many servers and people to manage them, Splunk Cloud solves many problems and gives HA features (to manage many logs and users with HA features you need many servers).

Anyway, remember that if you choose Splunk Cloud, you also have to use some on-premise features:

  • at least two (or more) Heavy Forwarders to concentrate logs and send them to Cloud,
  • install agents (Universal Forwarders) on the servers to monitor,
  • install a Deployment Server to manage all the Universal Forwarders (if you have more than 50 UFs you need a dedicated server),
  • use Heavy Forwarders to ingest syslogs and send them to Cloud.

Anyway, on your desktop you can obviously use only Splunk on-premise.
In the end, as you already understood, the choice is a strategic choice, not a technical choice.

Bye.
Giuseppe

0 Karma

woodcock
Esteemed Legend

Cloud runs in the cloud, so use full Splunk Enterprise with a FREE developer license, but if you are sending TCP, then you should be running syslog-ng to receive it and forward to Splunk by dropping to disk or using the HTTP Event Collector.

0 Karma

richgalloway
SplunkTrust

By definition, Splunk Cloud runs in the cloud, not on your laptop. Therefore, you must run Splunk Enterprise on your laptop.

Try the Add-on for Apigee Edge Private Cloud app (https://splunkbase.splunk.com/app/4064/#/details).

---
If this reply helps you, Karma would be appreciated.
0 Karma

himanish2008
Explorer

Please help me connect to Apigee, a Google-based API management platform..

0 Karma